Specific Privacy Statement (SPS) 


European Data Protection Board (EDPB) public consultations in the context of article 70 
GDPR 


1. Introduction 


The GDPR determines that the EDPB shall, where appropriate, consult interested parties and 
give them the opportunity to comment within a reasonable period, in accordance with article 
70(4). This is also foreseen in the EDPB’s own Rules of Procedure (article 30). Furthermore, 
without prejudice to discussions deemed confidential in the context of article 70 GDPR, the 
EDPB shall make the results of the consultation procedure publicly available. This procedure 
allows third parties to participate and state their views regarding the tasks of the EDPB under 
article 70, in a clear and transparent manner. 


The lawfulness of the processing operation made by the EDPB (the collection, assessment, 
storage and publication of personal data in the context of public consultations) is therefore 
rooted in article 5(1) and (2) of Regulation 2018/1725. 


2. What personal data does EDPB collect, for what purpose and through which technical 
means? 


2.1. Processed personal data 


Name, email address, company, respective sector and country of the respondents to the public 
consultation. Any additional personal data the respondent(s) provides in the context of its reply 
to the public consultation will also be processed. 


2.2. Purpose of the processing 


The purpose of the processing is the management of public consultations (including the 
collection, assessment, storage and publication of personal data) as foreseen in article 70(4) 
GDPR and article 30 of the EDPB’s Rules of Procedure. 


3. Who has access to your information and to whom is it disclosed? 
The following entities have access to your information: 


e All EDPB Members; 

e EDPB Secretariat staff on a need-to-know and need-to-do basis; 

e The European Commission (DG DIGIT); 

e Bodies charged with a monitoring or inspection task in application of EU law, e.g. 
OLAF, IDOC, Internal Audit Service, as well as staff of other services, where necessary 
in the context of official investigations or for audit purposes; 

e Members of the public, since the results of the consultation procedure will be made 
publicly available and may also be subject to a request for access to documents. 


Secretariat of the European Data Protection Board 


rue Wiertz, 60 
1047 Brussels 


4. How does EDPB protect and safeguard your information? 


Replies to public consultations including personal data are initially submitted by individuals / 
stakeholders through the public consultation tool available in the EDPB website. The EDPB 
Secretariat staff will screen the replies provided (to block unauthorised submissions, such as 
spam), after which the replies will be made available to the public directly on the EDPB public 
consultations’ page. Unauthorised submissions are immediately deleted. 


Email addresses are never publicly displayed, but they are stored and may be used by the EDPB 
Secretariat and/or the EDPB members for correspondence related to the reply provided. 


Individuals replying as such have the option of not having their name published together with 
their reply to the public consultation, by selecting the respective “check box” at the moment of 
submission. 


5. How can you verify, modify or delete your information? 


You can object to the processing of your personal data, in particular its publication, on grounds 
relating to your particular situation, by stating said grounds in the email through which you 
submit your reply to the public consultation. If the EDPB is not able to demonstrate compelling 
legitimate grounds for the processing which override your interests, rights and freedoms, we 
will remove the personal data categories indicated in section 2.1 above. The same applies to 
the processing for the establishment, exercise or defence of legal claims. 


In addition, you have the right to request from the EDPB access to, rectification or erasure of 
personal data, or restriction of processing concerning your dataor, where applicable, the right 


to data portability. 


To exercise your rights as a data subject, see the “Contact information” section of this SPS 
below. 


6. For how long do we keep your data? 


Your personal data is stored for as long as necessary given the purposes for which it was 
collected (see point 2.2 above), after which it will be deleted. 


7. Time limit for addressing your personal data modification request 

The time limit for treating your request and modifying the database fields is four (4) weeks. 
8. Contact information 

In case you have questions, or wish to exercise your rights, please contact the European Data 


Protection Board, using the following contact information: edpb@edpb.europa.eu. You can 
also directly contact the EDPB Data Protection Officer, at edpb-dpo @edpb.europa.eu. 


9, Resources 


Complaints, in case of conflict, can be addressed to the European Data Protection Supervisor 
(EDPS) at the following address: 


European Data Protection Supervisor (EDPS) 
Rue Wiertz 60 

B-1047 Brussels 

Belgium 

Phone: +32 2 283 19 00 Fax: +32 2 283 19 50 
Email: edps @edps.europa.eu 


